

About this Guide 


Thank you for your interest in Qualys Vulnerability Management, Detection, and Response 
(VMDR). Qualys VMDR expands the capabilities of the Qualys Cloud Platform to discover, 
assess, prioritize, and patch critical vulnerabilities in real time and across your global 
hybrid-IT landscape — all from a single solution.


About Qualys 


Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and 
compliance solutions. The Qualys Cloud Platform and its integrated apps help businesses 
simplify security operations and lower the cost of compliance by delivering critical 
security intelligence on demand and automating the full spectrum of auditing, 
compliance and protection for IT systems and web applications. 


Founded in 1999, Qualys has established strategic partnerships with leading managed 
service providers and consulting organizations including Accenture, BT, Cognizant 
Technology Solutions, Deutsche Telekom, Fujitsu, HCL, HP Enterprise, IBM, Infosys, NTT, 
Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a
founding member of the Cloud Security Alliance (CSA). For more information, please visit
www.qualys.com.


Qualys Support 


Qualys is committed to providing you with the most thorough support. Through online 
documentation, telephone help, and direct email support, Qualys ensures that your 
questions will be answered in the fastest time possible. We support you 7 days a week, 
24 hours a day. Access support information at www.qualys.com/support/ 




About VMDR 


Vulnerability Management, Detection and Response (VMDR) enables you to discover, 
assess, prioritize, and patch critical vulnerabilities and misconfigurations in real time and 
across your global hybrid-IT landscape all in one solution. 


It helps you get continuous vulnerability assessments with cloud agents and network-level
visibility using network scanners and multiple types of sensors, and leverages artificial
intelligence to instantly assess and prioritize threats based on relevant context.


VMDR starts with asset discovery and inventory to make sure you have an accurate 
account of all devices in your environment. 


We'll help you get started quickly! 


Know your Subscription Type 
If you are an existing VM customer then you are upgraded to VMDR experience by default 
and you can buy VMDR to get additional features. 


With VMDR experience you get 
- Asset inventory across environments like: Certificate, Cloud, Container, Mobile Devices 


- Unlimited sensors to help you identify those assets: Virtual Passive Sensors, Cloud 
Agents, Mobile Agents, Container Sensors 


- Search any asset in seconds using over 200+ searchable attributes 


- Customizable dashboards and widgets with trending information 


Once you upgrade to VMDR you'll also get


- Security Configuration Assessment to start configuration assessment and identify 
security misconfigurations on your assets based on CIS benchmarks 


- Threat-based Prioritization based on continuously updated Real-time threat indicators 


- Real-time Alerting by email of critical vulnerabilities and changes to your external 
perimeter, etc. 


- Detection of missing patches in context of the detected vulnerabilities 
- Initiate deployment of missing patches from the Prioritization report directly 


Note: Deployment of patches is available only for customers with the Patch Management 
add-on 




How does it work? 


With VMDR, you can discover assets and gather vulnerability information in real time,
prioritize (shortlist) vulnerabilities according to threat intelligence, and detect and
deploy the right remedial patches at the click of a button.


- Identify Assets: Continuously discover your IT assets that are on-prem, cloud,
container, applications providing 100% real-time visibility.
- Discover Vulnerabilities & Misconfigurations: Detect vulnerabilities with six-sigma
accuracy and use CIS Benchmarks to uncover misconfigurations.
- Prioritize Threats: Use real-time threat intelligence and machine learning to prioritize
vulnerabilities with the highest risk.
- Detect & Deploy Missing Patches: Promptly and effortlessly deploy the most relevant
superseding patches to remediate prioritized vulnerabilities.


Identify Assets


Start identifying assets by installing Cloud Agents or upgrading existing agents for VMDR. 
Assign tags to categorize and organize your assets. You can also use other methods such 
as Scanners, Passive Sensor, Cloud Inventory, Container Inventory, Mobile Device 
Inventory to build your inventory. To know more, refer to Identify your Assets.


Discover Vulnerabilities & Misconfigurations 


Our always up-to-date signature database continuously discovers software vulnerabilities 
and identifies security misconfigurations. Get a complete view of your vulnerability 
posture from an asset and vulnerability point of view in the Vulnerabilities tab. To know
more, refer to Discover Vulnerabilities.


Prioritize Threats 


Run the VMDR Prioritization report to prioritize the most critical vulnerabilities on your
assets based on real-time threat indicators and identify what to remediate first.
To know more, refer to VMDR Prioritization Report.


Detect & Deploy Missing Patches 


Deploy the most relevant superseding patches depending on your prioritization report 
from the Patch Management app. To know more, refer to Patch Management.




Identify your Assets 


Set up your Cloud Agents, scanners and sensors to continuously discover and build an
inventory of your IT assets that are on-prem, cloud, mobile, container, applications,
providing 100% real-time visibility.


Get Started with Cloud Agents 


Start building your inventory by installing new cloud agents or by upgrading your existing 
cloud agents for VMDR. 


VMDR requires the activation of a purpose-built engine for detecting missing patches for 
Cloud Agents. While this engine is extremely lightweight and efficient, activating Cloud 
Agents for VMDR will require a 20MB download and 100MB of free space on each host for 
these components. 


Install new agents 

Upgrade existing agents 

Know the requirements 

Here are the system requirements for installing and running Cloud Agents: 


- Host must reach Qualys Cloud Platform (or Qualys Private Cloud Platform) over HTTPS 
port 443 


- (Windows) Local administrator privileges on the host. Proxy configuration is supported. 


- (Linux, Mac, AIX) Root privileges, non-root with sudo root delegation, or non-root with 
sufficient privileges. Proxy configuration is supported. 


Install new agents 




Navigate to the Welcome option in the Help menu to view the Welcome page. In the
Identify Assets section click the Download Cloud Agent button.


Select an OS and download the agent installer to your local machine. Run the installer on
each host from an elevated command prompt.


For example, click Windows and follow the agent installation instructions displayed on
the page. We provide you with a default AI activation key for the agent installation. To
add or manage your keys, go to Cloud Agent » Agent Management.




Upgrade existing agents 


Navigate to the Welcome option in the Help menu to view the Welcome page. In the
Identify Assets section click the Configure Agents for VMDR button.


Select the desired activation keys and click Upgrade. The selected activation keys will
be upgraded for VMDR.



To know more, download the Cloud Agent Getting Started Guide.




What are the other ways to find assets 


You can also build your inventory for on-prem (devices and applications), mobile, 
endpoints, clouds, containers, OT and IoT assets using scanners, sensors, or connectors. 


Navigate to the Welcome option in the Help menu to view the Welcome page. In the 
Identify Assets section select how you want to start configuring your inventory. 


- Scanners: Deploy Scanner
- Passive Sensor: Deploy Sensors
- Cloud Inventory: Create Connectors
- Container Inventory: Let's Start
- Mobile Device Inventory: Let's Start


What's next? 


You will start viewing all your assets and vulnerability details in the Vulnerability tab in 
VMDR. 


Discover Vulnerabilities 


Once your inventory is built, you can view the vulnerability posture of your assets in the 
Vulnerability tab. You can search for vulnerabilities by vulnerability and by asset. All the 
assets and their associated vulnerability details that are identified by cloud agents, 
scanners and sensors are listed in the Vulnerabilities tab. 


[Screenshot: the Vulnerabilities tab in VMDR, listing detections by QID and title with
their status, dates and asset, and filter facets for Severity, Category, Operating System,
Type Detected and Status.]


Switch between the Asset and Vulnerability view and drill down to a specific asset or
vulnerability. From the Quick Action menu, click View Details to get more information.


In case the vulnerability is Qualys patchable and you have the Patch Management add-on
in your subscription, you can view the Patch Now option in the details view, which
helps you initiate the deployment workflow in Patch Management.


If you have the Security Configuration Assessment add-on then you can do configuration
assessment and identify security misconfigurations on your assets based on CIS
benchmarks.


VMDR Prioritization Report 


The VMDR Prioritization report allows you to automatically prioritize the riskiest 
vulnerabilities on your most critical assets - reducing potentially thousands of discovered 
vulnerabilities, to the few that matter. 


The Prioritization report: 


- Guides you to focus resources in the right area to first patch the highest risk 
vulnerabilities. 


- Increases the security posture of your organization by identifying and remediating the 
vulnerabilities that are likely to get exploited in the wild by threat actors. 


- Empowers security analysts to pick and choose the relevant threat indicators. For 
example, if an organization has financial data of users, they can prioritize vulnerabilities 
based on 'High Data Loss' indicator to first identify and remediate vulnerabilities that may 
result in data exfiltration, if exploited. 


- Helps you identify the specific patch that fixes a particular vulnerability. 


- Reduces remediation time by detecting the patch to be deployed from the same platform
in an integrated workflow, at the click of a button (if Patch Management app is enabled in
your subscription).


- Includes only the confirmed vulnerabilities. 


Generating Prioritization Report 


Using real-time threat intelligence, we help you detect and prioritize the vulnerabilities to 
remediate first, based on your environment. The report also indicates the most critical 
threats and prioritizes patching. 


Before you start generating the prioritization report, ensure that: 


- You have gathered the vulnerability posture for the assets. You could build your 
asset inventory using Cloud Agents or other methods such as Scanners, Passive 
Sensor, Cloud Inventory, Container Inventory, Mobile Device Inventory. All the 
assets and their associated vulnerability details that are identified by cloud 
agents and sensors are listed in the Vulnerabilities tab. Refer to Identify your 
Assets. 


- You have the Create Report permission (part of Global Reporting permissions). 
Contact your manager if you do not have the adequate permissions. 


1. Go to Prioritization » Reports and click Create Report. If you are generating the report
for the first time, click * on the Prioritization tab.


2. Select the Asset tags to narrow down your prioritized list to vulnerabilities associated 
with the assets you select. 


3. Select the various filters for VMDR Prioritization report. 


[Screenshot: VMDR Prioritization filter page with Export to Dashboard and Download Report
buttons. Asset tags (3) selected; 8 total assets and 154 total vulnerabilities. Filter
panels: Detection Age; Real-Time Threat Indicators (RTI): Easy Exploit, Patch Not
Available, High Data Loss, Zero Day, Public Exploit, Malware, Wormable, Denial Of Service,
Active Attacks, Exploit Kit, High Lateral Movement, Predicted High Risk; Attack Surface:
Running Kernel, Running Service, Not Mitigated by Configuration, Remotely Discoverable
Only.]


Detection Age: Select detection age ranges (0-30, 31-60, etc.) to include in the report. The 
Detection age is based on when the vulnerability was first detected (by a scanner or cloud 
agent). 


Real-Time Threat Indicators: Select the Real-Time Threat Indicators (RTIs) that you're 
interested in. Your report will include vulnerabilities that match *any* of the selected RTIs. 


Attack Surface: Select these filters to remove vulnerabilities from the report that aren't 
the highest priority so you can focus on what's most critical to your organization. 


4. Click Prioritize Now to enable the threat intelligence to prioritize the riskiest 
vulnerabilities on your network for the assets you selected. 


Once you generate the report, you could proceed with patching the vulnerabilities (if Patch 
Management app is enabled in your subscription), export the report in the form of a 
widget to your dashboard or download the report in CSV format. 


Reading the VMDR Prioritization Report 

Using the VMDR Prioritization Report, you can detect which vulnerabilities to remediate
first. The report consists of two sections: Summary and Details.

Summary 


The Summary section of the VMDR Prioritization report displays the findings with the 
following three sections: 


[Screenshot: Summary section with three panels: Prioritized Assets, Prioritized
Vulnerabilities (Instances and Unique) and Available Patches.]


Prioritized Assets 


Depending on the asset tags that you choose, the assets are identified for this report. 
Prioritized Assets is the count of assets out of the total assets with vulnerabilities that 
meet the combination of the detection age, RTIs, and attack vectors you selected. 


In the above example, 8 assets matched the selected asset tags. Out of the 8 assets, 2 
assets had vulnerabilities that met the combination of the selected detection age, RTIs, 
and attack surface. 

Prioritized Vulnerabilities 

The Prioritized Vulnerabilities section displays a summary of prioritized vulnerabilities 
that are detected on the assets. 


Instances: The count indicates the total number of vulnerabilities that meet the 
combination of the detection age, RTIs, and attack surface you selected. 


The count may include multiple occurrences of a single vulnerability (that is a single QID) 
detected on multiple assets. 


In the above example, 154 vulnerabilities were detected on the 8 assets. Out of the 154 
vulnerabilities, 8 vulnerabilities met the combination of the selected detection age, RTIs, 
and attack surface across the 2 assets. 


Unique: The count of unique vulnerabilities (excluding duplicate QID instances) out of the 
vulnerability instances identified/detected. 


In the above example, out of the 8 instances, 6 are unique vulnerabilities. 
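
The counting rules above, modelled in Python as an added illustration; this is not Qualys code. Field names, host names and QIDs are constructed, the Attack Surface filter is left out, and counting the totals over every detection is an assumption.

```python
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Detection:
    # Field names are assumptions for this model, not Qualys CSV or API columns.
    asset: str
    qid: int
    first_detected: date
    confirmed: bool
    rtis: frozenset


def summarize(detections, today, age_ranges, selected_rtis):
    """Compute the Summary counts for detections that pass every filter."""
    selected = frozenset(selected_rtis)
    hits = []
    for d in detections:
        age = (today - d.first_detected).days  # age counts from first detection
        in_age = any(lo <= age <= hi for lo, hi in age_ranges)
        matches_rti = bool(d.rtis & selected)  # any one selected RTI is enough
        if d.confirmed and in_age and matches_rti:
            hits.append(d)
    return {
        # Assumption: totals count every detection on the tagged assets.
        "total_assets": len({d.asset for d in detections}),
        "total_vulnerabilities": len(detections),
        "prioritized_assets": len({d.asset for d in hits}),
        "instances": len(hits),                # one per (asset, QID) detection
        "unique": len({d.qid for d in hits}),  # duplicate QIDs collapsed
    }


def build_sample(today):
    """Constructed data shaped like the guide's example: 8 assets, 154 detections."""
    recent = today - timedelta(days=10)
    stale = today - timedelta(days=200)
    # 144 confirmed detections with a selected RTI, but outside the age ranges.
    dets = [Detection(f"host-{i % 8}", 800000 + i, stale, True,
                      frozenset({"High Data Loss"})) for i in range(144)]
    # Recent and confirmed, but carries none of the selected RTIs.
    dets.append(Detection("host-2", 900101, recent, True,
                          frozenset({"Easy Exploit"})))
    # Recent with a selected RTI, but only a potential (unconfirmed) finding.
    dets.append(Detection("host-3", 900102, recent, False,
                          frozenset({"Zero Day"})))
    # 8 prioritized instances on 2 hosts; QIDs 900001 and 900002 occur on both.
    for host, qid, rti in [
        ("host-0", 900001, "Zero Day"), ("host-0", 900002, "High Data Loss"),
        ("host-0", 900003, "Zero Day"), ("host-0", 900004, "High Data Loss"),
        ("host-1", 900001, "Zero Day"), ("host-1", 900002, "High Data Loss"),
        ("host-1", 900005, "Zero Day"), ("host-1", 900006, "High Data Loss"),
    ]:
        dets.append(Detection(host, qid, recent, True, frozenset({rti})))
    return dets


if __name__ == "__main__":
    today = date(2020, 3, 23)  # constructed reporting date
    print(summarize(build_sample(today), today,
                    age_ranges=[(0, 30), (31, 60)],
                    selected_rtis={"Zero Day", "High Data Loss"}))
```

Selecting fewer RTIs shrinks the result because the indicator filter is an OR over the selected set, while the age and confirmed checks must both hold for every detection.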


Available Patches 


Count of the patches that are available with Qualys. Click Patch Now to initiate the 
process of patching the vulnerabilities. For more details refer to Patch Management. 


Note: The Patch Now button is enabled only when Qualys can automatically 
patch the vulnerability and the Patch Management app is enabled in your 
subscription. 


Details 

The details section includes detailed information about prioritized vulnerabilities, patches 
and prioritized assets. Use the tabs to toggle between the three views. The Vulnerabilities 
and Assets tabs offer search capabilities using limited tokens. 


[Screenshot: Details section listing the 6 prioritized vulnerabilities, each with its CVEs,
title, QID and a Patch Now button.]


Export To Dashboard 


You can export the VMDR Prioritization report to dashboard in the form of a widget and 
continuously monitor the widget to check the vulnerabilities on the prioritized assets. 


Here are the steps to export the report to your dashboard. 

Note: The Export to Dashboard button is enabled only after you have generated the report. 
1) On the VMDR Prioritization report, click Export to Dashboard. 

2) Provide a name for the widget. 

3) Select the Dashboard you want to add the widget to and then click Export. 

The widget is added to the dashboard. 


Download Reports (CSV format) 


You can download the VMDR Prioritization report to your local system in CSV format. The 
Download button is enabled after you have generated the VMDR Prioritization report. 


Note: Missing patches can be downloaded in your report only if you have the Patch 
Management add-on enabled in your subscription. 


1) On the VMDR Prioritization report, click Download. 
2) Provide a name and description (optional) for the report. 


3) Currently only the CSV option is supported, so it is preselected for you.


4) If required, you can change timezones for dates included in report using the Change 
timezones for dates included in report option. By default, the browser's time zone is used 
to report dates in the report. 


5) Click Download. 


The VMDR Prioritization report is downloaded to your local system in CSV format for 
future reference. 


Patch Management 


In the VMDR Prioritization report you can view the assets and vulnerabilities that can be 
patched by Qualys. You can initiate the patching process and patch the vulnerabilities 
directly from the report. 


Note: Deployment of patches is available directly from the VMDR Prioritization report only 
for customers with the Patch Management add-on. 


Patch Vulnerabilities from VMDR Report 


The Summary section of the VMDR Prioritization report displays findings with the 
following three sections: 


[Screenshot: Summary section showing the Prioritized Assets, Prioritized Vulnerabilities
and Available Patches panels.]


The Available Patches widget shows the count of the patches that are available with 
Qualys. Click Patch Now to initiate the process of patching the vulnerabilities. 


Note: The Patch Now button is enabled only when Qualys can automatically patch the 
vulnerability and the Patch Management app is enabled in your subscription. 


To initiate the patching process click the Patch Now button and choose to perform one of 
the following actions: 




Zero-Touch Patch Job - Opens the wizard to create an automated job to proactively patch
current and future Windows vulnerabilities based on the criteria selected while
generating the Prioritization report in the Patch Management app. Follow the instructions
in the wizard and initiate the patching process by creating a new job.


Windows Patches - Displays the list of Windows Patches in the Patch Management app.


View Missing Windows Patches - Displays the list of missing Windows patches for the 
prioritized assets and vulnerabilities. You can view the list of missing patches even with 
the free version of Patch Management app that is activated for the assets. 


[Screenshot: Patch Now menu on a prioritized vulnerability, with the options Add to New
Job, Add to Existing Job and View Missing Patches.]


Linux Patches - Displays the list of Windows Patches in the Patch Management app.


View Missing Linux Patches - Displays the list of missing Linux patches for the prioritized 
assets and vulnerabilities. You can view the list of missing patches even with the free 
version of Patch Management app that is activated for the assets. 


For more information, refer to the Patch Management online help. 